SAP ABAP IMG Activity RMPS_AUT_ORG_LEVEL (Create Organizational Levels for Authorization Check)
Hierarchy
SAP_ABA (Software Component) Cross-Application Component
   CA-GTF-RCM (Application Component) Records and Case Management
     RMPS_CUSTOMIZING (Package) Customizing Records Management for Public Sector
IMG Activity
ID RMPS_AUT_ORG_LEVEL Create Organizational Levels for Authorization Check  
Transaction Code S_KRM_01000035   (empty) 
Created on 20021111    
Customizing Attributes RMPS_AUT_ORG_LEVEL   Create Organizational Levels for Authorization Check 
Customizing Activity RMPS_AUT_ORG_LEVEL   Create Organizational Levels for Authorization Check 
Document
Document Class SIMG   Hypertext: Object Class - Class to which a document belongs.
Document Name RMPS_AUT_ORG_LEVEL    

Use

During the authorization check, the system checks whether the user is authorized to perform an activity for the object (for example, change a case or read a document). This depends on the organizational assignments of the object and of the user. For this reason, you need to define your requirements for the authorization check based on the SAP organizational structure.

You first need to define the authorization check levels for the authorization objects RMPS: Access Record, Case, Document org. Assignment User (PS_RMPSORG) and RMPS: Access Record, Case, Special Org. Units (PS_RMPSOEH) in this IMG activity.

It is possible that the SAP organizational structure is more detailed than required by your desired authorization check. By defining the organizational levels for the authorization check you can group several levels of the organizational structure together.

You can define different authorizations for each level, such as department. You create organizational objects (for example, department 1 and department 2) for each level in the IMG activity "Create Organizational Objects for Authorization Check". You link organizational objects with your organizational structure by assigning the organizational object to the corresponding organizational units of the SAP organizational structure in the IMG activity "Assign Organizational Object to Organization Unit for Authorization Check".

The authorization check is executed after user input as follows:

  1. The system determines the organizational unit that is assigned to the user.
  2. The system creates a list of all organizational units subordinate to the organizational unit in the hierarchy.
  3. The system determines all organizational objects that are assigned to these organizational units.
  4. The system determines the organizational unit that is assigned to the object.
  5. The system creates a list of all organizational units that are subordinate to the organizational unit in the hierarchy.
  6. The system determines all organizational objects that are assigned to these organizational units.
  7. The system creates the intersection of the matching organizational objects of the user and the object to be processed.
  8. The system determines the organizational levels that are the same for the user and the object to be processed.
  9. When a matching organizational level is found, the system performs the authorization check.
  10. If the user is authorized to execute the desired activity, processing is allowed. If not, the system rejects the processing.
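The ten steps above can be traced in a small model. The following Python sketch is an added illustration, not SAP code: the unit names, the organizational objects, the representation of a user's authorizations as (level, activity) pairs, and the choice to include a unit itself in its list of subordinates are all assumptions made for the example.

```python
# Simplified model of the ten-step check. All data below is constructed.
CHILDREN = {  # organizational unit -> directly subordinate units
    "AUTHORITY": ["DEPT_A", "DEPT_B"],
    "DEPT_A": ["SECT_A1", "SECT_A2"],
    "DEPT_B": ["SECT_B1"],
}
# organizational unit -> (organizational object, organizational level).
# Sections are grouped into the department level, as the text describes
# for structures that are more detailed than the desired check.
ORG_OBJECT = {
    "AUTHORITY": ("AUTH_1", "authority"),
    "DEPT_A": ("DEPARTMENT_1", "department"),
    "SECT_A1": ("DEPARTMENT_1", "department"),
    "SECT_A2": ("DEPARTMENT_1", "department"),
    "DEPT_B": ("DEPARTMENT_2", "department"),
    "SECT_B1": ("DEPARTMENT_2", "department"),
}

def subtree(unit):
    """Steps 2 and 5: the unit and all units below it (assumption: unit included)."""
    seen, stack = set(), [unit]
    while stack:
        current = stack.pop()
        if current not in seen:
            seen.add(current)
            stack.extend(CHILDREN.get(current, []))
    return seen

def org_objects(unit):
    """Steps 3 and 6: organizational objects assigned to the listed units."""
    return {ORG_OBJECT[u] for u in subtree(unit) if u in ORG_OBJECT}

def matching_levels(user_unit, object_unit):
    """Steps 7 and 8: intersect the objects, then keep the levels they share."""
    common = org_objects(user_unit) & org_objects(object_unit)
    return {level for _, level in common}

def is_allowed(user_unit, grants, object_unit, activity):
    """Steps 9 and 10: check a grant on a matching level; reject otherwise."""
    levels = matching_levels(user_unit, object_unit)
    return any((level, activity) in grants for level in levels)

if __name__ == "__main__":
    grants = {("department", "read")}  # constructed user authorization
    print(is_allowed("SECT_A1", grants, "SECT_A2", "read"))    # same department
    print(is_allowed("SECT_A1", grants, "SECT_B1", "read"))    # other department
    print(is_allowed("SECT_A1", grants, "SECT_A2", "change"))  # no such grant
```

When reviewing a real configuration, the same walk-through helps to spot organizational units that have no organizational object assigned: in this model they contribute nothing to the intersection, so no level matches and processing is rejected.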

Requirements

Standard settings

In the standard system the organizational levels authority, department, section and registry are defined.

Activities

  1. Define your authorization concept based on the organizational assignment of the employees and Records Management objects (records, cases, documents).
  2. Check whether the organizational levels contained in the standard system meet your requirements.
  3. If not, create new organizational levels or delete unwanted levels.

Note that the organizational level "registry" is handled differently during the authorization check. Use this level only if your organization has different registries that are supposed to have different authorizations within their assigned organizational areas than outside of these areas.

If your organization has only one central registry, and all recorders should have the same authorizations, independent of their assignment within the organization, you should not use the organizational level registry.

Example

The authorization that is based on the assignment within the organization depends only on the department. In this case, delete the other entries.

Further notes

You can find more information on the authorizations in Records and Case Management in the SAP Library under mySAP-Technology Components -> Cross-Application Functions -> Records and Case Management.

Business Attributes
ASAP Roadmap ID 209   Establish Authorization Management 
Mandatory / Optional 2   Optional activity 
Critical / Non-Critical 2   Non-critical 
Country-Dependency A   Valid for all countries 
Assigned Application Components
Documentation Object Class Documentation Object Name Current line number Application Component Application Component Name
SIMG RMPS_AUT_ORG_LEVEL 0 ABB0000001 Records and Case Management 
Maintenance Objects
Maintenance object type C   Customizing Object 
Assigned objects
Customizing Object Object Type Transaction Code Sub-object Do not Summarize Skip Subset Dialog Box Description for multiple selections
RMPS_AUT_LEVEL S - Table (with text table) SM30  
History
Last changed by/on SAP  20021113 
SAP Release Created in 110_620